Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
IDC Study: Customers cite 407% ROI with Google Chronicle. Learn More IDC Study: Customers cite 407% ROI with Google Chronicle. .
One Year…and Counting!
March 5, 2020

It’s been one year since we announced our security analytics platform. We decided to start by doing one thing exceedingly well, and that was incident investigation against massive piles of data. Since then, a few changes have occurred…and we’ve continued to expand the platform. For example, during the past year we added support for EDR data, one of the largest sets of telemetry in many companies, and announced a new partnership with Tanium for EDR integration. We also added the ability to pivot from a device to a user, and to see normal vs. unusual user behavior quickly.

We’ve recently added several new interesting capabilities.

The first is intelligent data fusion, a combination of a specialized data model that maps incoming telemetry into a flexible structure; automatic enriching and linking of events into a timeline; and an API to serve this data to third party applications, in addition to our UI. Analysis against enriched events simplifies detection rule authoring as well as investigations.

The second is a new threat detection capability, in addition to high speed investigation. We’ve not only added a new realtime and retrospective execution engine, but we’ve also created YARA-L, a specialized threat detection language for log data. YARA is a widely used and standard language for expressing security rules, created by the VirusTotal team here at Google. We’ve extended that capability with a powerful language for expressing behavioral detection over time. It’s well-suited to handle the types of complex, sequenced threat behaviors described in Mitre ATT&CK.

The two capabilities work together so that customers can create powerful detection rules against intelligent, auto-enriched and structured telemetry. We make this available in our UI as well as through a new API that other security vendors can use to enhance their own products.

“Cortex XSOAR offers automated enrichment, response and case management to enterprise-wide threats,” said Rishi Bhargava, VP, Product Strategy at Palo Alto Networks. “The integration with Chronicle’s new detection capabilities and event timelines, across months or years’ of data, enhances that response and enables comprehensive threat management for our mutual customers.”

We’ve continued to work with a growing set of security vendors, to integrate their log data into our platform. We’ve just added Acalvio, SIEMplify, Swimlane, and Vectra, each announcing new integrations with Chronicle. Here’s to a great year ahead!

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page